Vulnerabilities (CVE)

9911 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-14332 1 Clementine-player 1 Clementine 2019-07-21 1.9
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in...
CVE-2019-12913 1 Rdbrck 1 Shift 2019-07-19 2.1
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2019-12912 1 Rdbrck 1 Shift 2019-07-19 2.1
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2019-13977 1 Ovidentia 1 Ovidentia 2019-07-19 3.5
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
CVE-2019-1137 1 Microsoft 1 Exchange Server 2019-07-19 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
CVE-2019-1134 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2019-07-19 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
CVE-2017-5957 2 Qemu, Virglrenderer Project 2 Qemu, Virglrenderer 2019-07-19 2.1
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows local guest users to cause a denial of...
CVE-2019-13948 1 Syguestbook A5 Project 1 Syguestbook A5 2019-07-19 3.5
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
CVE-2019-13313 1 Libosinfo 1 Libosinfo 2019-07-19 2.1
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
CVE-2019-13950 1 Syguestbook A5 Project 1 Syguestbook A5 2019-07-19 3.5
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment.
CVE-2019-13314 1 Redhat 1 Virt-bootstrap 2019-07-18 2.1
virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.
CVE-2019-5221 2019-07-18 3.3
There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path; an attacker could craft a file path when transporting a file through Huawei Share. A successful exploit could allow the attacker to transport...
CVE-2016-10763 2019-07-18 3.5
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
CVE-2019-5220 2019-07-18 2.1
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission; an attacker could do a certain operation on a certain step of the setup wizard. A successful exploit could...
CVE-2019-10017 1 Cmsmadesimple 1 Cms Made Simple 2019-07-18 3.5
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
CVE-2019-9700 1 Norton 1 Password Manager 2019-07-18 1.7
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
CVE-2019-13644 1 Firefly-iii 1 Firefly Iii 2019-07-18 3.5
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page.
CVE-2019-13646 1 Firefly-iii 1 Firefly Iii 2019-07-18 3.5
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.
CVE-2019-13647 1 Firefly-iii 1 Firefly Iii 2019-07-18 3.5
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing.
CVE-2019-13645 1 Firefly-iii 1 Firefly Iii 2019-07-18 3.5
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing.